Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia
May 13, 2024
Ransomware / Endpoint Security
The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the agencies said the threat actors encrypted and stole data from at least 12 out of 16 critical infrastructure sectors. "Black Basta affiliates use common initial access techniques — such as phishing and exploiting known vulnerabilities — and then employ a double-extortion model, both encrypting systems and exfiltrating data," the bulletin read . Unlike other ransomware groups, the ransom notes dropped at the end of the attack do not contain an initial ransom demand or payment instructions. Rather, the note